README revision 767c53c304b86460d72eeec7d3304172cdd904bd
6aa2272cc4af77e605ba2c4a4781f8567408b7e3pquerna BIND version 9 is a major rewrite of nearly all aspects of the
ee508128c414648982d1cca7801f63b01a0a4f8aminfrin underlying BIND architecture. Some of the important features of
347c9301068524042be654db3b2b055a9ec20633rpluem BIND 9 are:
347c9301068524042be654db3b2b055a9ec20633rpluem - DNS Security
29d3b95754d5730dde08bbda9dc76785894f10f8rpluem DNSSEC (signed zones)
29d3b95754d5730dde08bbda9dc76785894f10f8rpluem TSIG (signed DNS requests)
1266e0c1535091b37a0c6ea86183094e575cb8dagregames - IP version 6
1266e0c1535091b37a0c6ea86183094e575cb8dagregames Answers DNS queries on IPv6 sockets
29d3b95754d5730dde08bbda9dc76785894f10f8rpluem IPv6 resource records (AAAA)
dfd7e0be46ab5ef5b84339b4645d60fdc44cb4a5rpluem Experimental IPv6 Resolver Library
dfd7e0be46ab5ef5b84339b4645d60fdc44cb4a5rpluem - DNS Protocol Enhancements
dfd7e0be46ab5ef5b84339b4645d60fdc44cb4a5rpluem IXFR, DDNS, Notify, EDNS0
7461431ba407b0e1eac3d6a81440a4184e652e9fniq Improved standards conformance
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz One server process can provide multiple "views" of
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz the DNS namespace, e.g. an "inside" view to certain
2d5532b13110a8d85653da92e97795b09cc25cc2trawick clients, and an "outside" view to others.
b38565306421ff53e9f7499bc728d6df5cec294dpquerna - Multiprocessor Support
b38565306421ff53e9f7499bc728d6df5cec294dpquerna - Improved Portability Architecture
a6ea86151dd968120a12b48867d45947ef2bb9darpluem BIND version 9 development has been underwritten by the following
a6ea86151dd968120a12b48867d45947ef2bb9darpluem organizations:
a6ea86151dd968120a12b48867d45947ef2bb9darpluem Sun Microsystems, Inc.
a17ca1093e7dc28c1a54cfd9741f65653f5b2b19jim Hewlett Packard
a17ca1093e7dc28c1a54cfd9741f65653f5b2b19jim Compaq Computer Corporation
fa735cac4e86858f11c0de4f7cea50fa63eab87ecolm Process Software Corporation
fa735cac4e86858f11c0de4f7cea50fa63eab87ecolm Silicon Graphics, Inc.
fa735cac4e86858f11c0de4f7cea50fa63eab87ecolm Network Associates, Inc.
dbb3b82abaa9c0ad199a0a3d6a7a505136137c61colm U.S. Defense Information Systems Agency
dbb3b82abaa9c0ad199a0a3d6a7a505136137c61colm USENIX Association
dbb3b82abaa9c0ad199a0a3d6a7a505136137c61colm Stichting NLnet - NLnet Foundation
3d76cdd5855071bbfb95a27de7d77a8855d1e893niq Nominum, Inc.
3d76cdd5855071bbfb95a27de7d77a8855d1e893niq BIND 9.5.0 has a number of new features over 9.4,
3d76cdd5855071bbfb95a27de7d77a8855d1e893niq including:
bf0dec31a67271a4a67a6d3a3a9b3cdb41278390rpluem GSS-TSIG support (RFC 3645).
bf0dec31a67271a4a67a6d3a3a9b3cdb41278390rpluem DHCID support.
7612604db51e61f6ec4a6593c188e6d0640646abwrowe Experimental http server and statistics support for named via xml.
7612604db51e61f6ec4a6593c188e6d0640646abwrowe More detailed statistics counters including those supported in BIND 8.
7612604db51e61f6ec4a6593c188e6d0640646abwrowe Faster ACL processing.
0a2c6381b34b977101327f412a4b1ddc8a361ae7rpluem Use Doxygen to generate internal documentation.
0a2c6381b34b977101327f412a4b1ddc8a361ae7rpluem Efficient LRU cache-cleaning mechanism.
8828f8c859fabac8c0080440392bc279877f9802rpluem NSID support.
0830215c2542165c027f092c18924f2885c98b49trawick BIND 9.4.0 has a number of new features over 9.3,
be2abc811ae62b872703a7b43235598d641f8d8dmjc Implemented "additional section caching (or acache)", an
8f1c5a2aca731a7676bf74cdce67ec28557ec299trawick internal cache framework for additional section content to
bc886ee8559b4feb30d32dc8a50ba2c013c3cc02trawick improve response performance. Several configuration options
8f1c5a2aca731a7676bf74cdce67ec28557ec299trawick were provided to control the behavior.
9505e1a9012d92bfd2b6228e675156f44a27aa04colm New notify type 'master-only'. Enable notify for master
3aeb30211790fef38a8297f990b7ad3b2c46ece9colm zones only.
3aeb30211790fef38a8297f990b7ad3b2c46ece9colm Accept 'notify-source' style syntax for query-source.
6eb3a057b5e4f046faba79104d7941552de755dacolm rndc now allows addresses to be set in the server clauses.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton New option "allow-query-cache". This lets allow-query be
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton used to specify the default zone access level rather than
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton having to have every zone override the global value.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton allow-query-cache can be set at both the options and view
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton levels. If allow-query-cache is not set then allow-recursion
c07be90520f577cdffc0ee59a81e7f2be4ab24c6martin is used if set, otherwise allow-query is used if set, otherwise
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton the default (localhost; localnets;) is used.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton rndc: the source address can now be specified.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton ixfr-from-differences now takes master and slave in addition
6a9a6a63bae82591ea75fc602d5260109b8fa02ccolm to yes and no at the options and view levels.
70706a4d1ead0d72a443eac1cc446a0f1a4de069colm Allow the journal's name to be changed via named.conf.
70706a4d1ead0d72a443eac1cc446a0f1a4de069colm 'rndc notify zone [class [view]]' resend the NOTIFY messages
70706a4d1ead0d72a443eac1cc446a0f1a4de069colm for the specified zone.
9cfe09f7e922f7bdf61bfe10a47e8f25145cdf92colm 'dig +trace' now randomly selects the next servers to try.
9cfe09f7e922f7bdf61bfe10a47e8f25145cdf92colm Report if there is a bad delegation.
be2abc811ae62b872703a7b43235598d641f8d8dmjc Improve check-names error messages.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton Make public the function to read a key file, dst_key_read_public().
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton dig now returns the byte count for axfr/ixfr.
2e02c854b4531480fe3f7ab353154c99c5bd97e8jorton allow-update is now settable at the options / view level.
a09378e32e823d5619f766394fcdde1cfa16c5dajim named-checkconf now checks the logging configuration.
a09378e32e823d5619f766394fcdde1cfa16c5dajim host now can turn on memory debugging flags with '-m'.
a09378e32e823d5619f766394fcdde1cfa16c5dajim Don't send notify messages to self.
a09378e32e823d5619f766394fcdde1cfa16c5dajim Perform sanity checks on NS records which refer to 'in zone' names.
ce8e09ffeb8c696f7fc6c5dfa8814c52caaac59bcolm New zone option "notify-delay". Specify a minimum delay
ce8e09ffeb8c696f7fc6c5dfa8814c52caaac59bcolm between sets of NOTIFY messages.
5340bb8547e62ec8ede44b1b086b7da37ee64eefcolm Extend adjusting TTL warning messages.
5340bb8547e62ec8ede44b1b086b7da37ee64eefcolm Named and named-checkzone can now both check for non-terminal
f6e71f622ffde40c654288851ff65b8505cf7596colm wildcard records.
f8ae06c7d0615d8b9441099794fe80a3f2915469colm named-checkconf now check acls to verify that they only
f8ae06c7d0615d8b9441099794fe80a3f2915469colm refer to existing acls.
6eb3a057b5e4f046faba79104d7941552de755dacolm The server syntax has been extended to support a range of
6eb3a057b5e4f046faba79104d7941552de755dacolm Report differences between hints and real NS rrset and
be2abc811ae62b872703a7b43235598d641f8d8dmjc associated address records.
dface6840439ab84a36749f40e7773ebfdc2066ejorton Preserve the case of domain names in rdata during zone
1febae173a82bc2a71c3c0ba4105cf674000791bjim Restructured the data locking framework using architecture
1febae173a82bc2a71c3c0ba4105cf674000791bjim dependent atomic operations (when available), improving
1febae173a82bc2a71c3c0ba4105cf674000791bjim response performance on multi-processor machines significantly.
1febae173a82bc2a71c3c0ba4105cf674000791bjim x86, x86_64, alpha, powerpc, and mips are currently supported.
2b409b0583ef844d6f85002160cbc6df95b9afa8jerenkrantz UNIX domain controls are now supported.
2b409b0583ef844d6f85002160cbc6df95b9afa8jerenkrantz Add support for additional zone file formats for improving
2b409b0583ef844d6f85002160cbc6df95b9afa8jerenkrantz loading performance. The masterfile-format option in
454d060a0d7b13606978c536f632be71e311959djerenkrantz named.conf can be used to specify a non-default format. A
454d060a0d7b13606978c536f632be71e311959djerenkrantz separate command named-compilezone was provided to generate
454d060a0d7b13606978c536f632be71e311959djerenkrantz zone files in the new format. Additionally, the -I and -O
454d060a0d7b13606978c536f632be71e311959djerenkrantz options for dnssec-signzone specify the input and output
1392b9997000dceb6aca39da0a1e6405ccb6f0a6jerenkrantz dnssec-signzone can now randomize signature end times
4b0a0ae3fd77f8fc8fd2a693be33ffe4d99cb94ajerenkrantz (dnssec-signzone -j jitter).
4b0a0ae3fd77f8fc8fd2a693be33ffe4d99cb94ajerenkrantz Add support for CH A record.
4b0a0ae3fd77f8fc8fd2a693be33ffe4d99cb94ajerenkrantz Add additional zone data constancy checks. named-checkzone
4b0a0ae3fd77f8fc8fd2a693be33ffe4d99cb94ajerenkrantz has extended checking of NS, MX and SRV record and the hosts
ee508128c414648982d1cca7801f63b01a0a4f8aminfrin they reference. named has extended post zone load checks.
ee508128c414648982d1cca7801f63b01a0a4f8aminfrin New zone options: check-mx and integrity-check.
f07ae092933846055c4ca046c5a65de83d79c9c6pquerna edns-udp-size can now be overridden on a per server basis.
f07ae092933846055c4ca046c5a65de83d79c9c6pquerna dig can now specify the EDNS version when making a query.
9b88ec397b4155f3ff79bf7c08de5f15d21765b3pquerna Added framework for handling multiple EDNS versions.
a42c13195a5c68d55f6b2bbf5b5e1e66ab45d5d4pquerna Additional memory debugging support to track size and mctx
2a90918318af50d5712ae7159e5625476332c184pquerna Detect duplicates of UDP queries we are recursing on and
2a90918318af50d5712ae7159e5625476332c184pquerna drop them. New stats category "duplicates".
ede0584e7ec53cc1ea832c5c50281431d9ecc576pquerna "USE INTERNAL MALLOC" is now runtime selectable.
ede0584e7ec53cc1ea832c5c50281431d9ecc576pquerna The lame cache is now done on a <qname,qclass,qtype> basis
ede0584e7ec53cc1ea832c5c50281431d9ecc576pquerna as some servers only appear to be lame for certain query
42167da203d969a1402cf7ce09c14586c04af1dfjim Limit the number of recursive clients that can be waiting
42167da203d969a1402cf7ce09c14586c04af1dfjim for a single query (<qname,qtype,qclass>) to resolve. New
81ebf4d4f943d1ec988dd10105354e510c2da1d8jim options clients-per-query and max-clients-per-query.
e62b34b26eb8e82bf6f06ff99a08e304b48792ecpquerna dig: report the number of extra bytes still left in the
e62b34b26eb8e82bf6f06ff99a08e304b48792ecpquerna packet after processing all the records.
27420b7ba57bf78f7a85b19fb0155053a3aff80dwrowe Support for IPSECKEY rdata type.
ceeb4b77f172b9d0125f1b4b323675d700b2c43bminfrin Raise the UDP recieve buffer size to 32k if it is less than 32k.
ceeb4b77f172b9d0125f1b4b323675d700b2c43bminfrin x86 and x86_64 now have seperate atomic locking implementations.
9152b0c4366af633c4b7982af01bd9a821f410d5pquerna named-checkconf now validates update-policy entries.
9152b0c4366af633c4b7982af01bd9a821f410d5pquerna Attempt to make the amount of work performed in a iteration
87d944bf70927764edf8ef69e46d3b4b8fa09131pquerna self tuning. The covers nodes clean from the cache per
87d944bf70927764edf8ef69e46d3b4b8fa09131pquerna iteration, nodes written to disk when rewriting a master
424c1a743525e9c5008e29b39a99363723409a1dtrawick file and nodes destroyed per iteration when destroying a
424c1a743525e9c5008e29b39a99363723409a1dtrawick zone or a cache.
4375cabac8fc22b3717687ffdbce9bbdf095f255trawick ISC string copy API.
4375cabac8fc22b3717687ffdbce9bbdf095f255trawick Automatic empty zone creation for D.F.IP6.ARPA and friends.
39dbd3f60b93f5e0fbf46d9ae237f6742e113442pquerna Note: RFC 1918 zones are not yet covered by this but are
39dbd3f60b93f5e0fbf46d9ae237f6742e113442pquerna likely to be in a future release.
89211a3153be8b03353c3bfbca45fed67cb80f0bpquerna New options: empty-server, empty-contact, empty-zones-enable
89211a3153be8b03353c3bfbca45fed67cb80f0bpquerna and disable-empty-zone.
89211a3153be8b03353c3bfbca45fed67cb80f0bpquerna dig now has a '-q queryname' and '+showsearch' options.
89211a3153be8b03353c3bfbca45fed67cb80f0bpquerna host/nslookup now continue (default)/fail on SERVFAIL.
a14ccf0f7e9b44c6848334823542a1799577f669pquerna dig now warns if 'RA' is not set in the answer when 'RD'
a14ccf0f7e9b44c6848334823542a1799577f669pquerna was set in the query. host/nslookup skip servers that fail
a14ccf0f7e9b44c6848334823542a1799577f669pquerna to set 'RA' when 'RD' is set unless a server is explicitly
a2e37e48efb113e8e4f9d9ca9c8286aaac6c936cpquerna Integrate contibuted DLZ code into named.
a2e37e48efb113e8e4f9d9ca9c8286aaac6c936cpquerna Integrate contibuted IDN code from JPNIC.
007ba11dc68651df7f872f35947ae82a595d9e02pquerna libbind: corresponds to that from BIND 8.4.7.
44ca834b970b454b844efb96f219bdf49fee71e5trawick BIND 9.3.0 has a number of new features over 9.2,
eb8430fd3bc941c0b3ba8bba3884b7fc464bf458pquerna DNSSEC is now DS based (RFC 3658).
fde88bb682426885c679198ee130d2d5a29e8c0fbnicholes See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
fde88bb682426885c679198ee130d2d5a29e8c0fbnicholes DNSSEC lookaside validation.
fde88bb682426885c679198ee130d2d5a29e8c0fbnicholes check-names is now implemented.
fde88bb682426885c679198ee130d2d5a29e8c0fbnicholes rrset-order in more complete.
fde88bb682426885c679198ee130d2d5a29e8c0fbnicholes IPv4/IPv6 transition support, dual-stack-servers.
60e385aa992e11a6cb0504e8d4fc35186e8d848bpquerna IXFR deltas can now be generated when loading master files,
60e385aa992e11a6cb0504e8d4fc35186e8d848bpquerna ixfr-from-differences.
d66ac514cc15e99228d72c56c6c3daf25da8d360niq It is now possible to specify the size of a journal, max-journal-size.
d66ac514cc15e99228d72c56c6c3daf25da8d360niq It is now possible to define a named set of master servers to be
e23b77006a8b079c0ad52e42ba2029e759455b8fjorton used in masters clause, masters.
e23b77006a8b079c0ad52e42ba2029e759455b8fjorton The advertised EDNS UDP size can now be set, edns-udp-size.
22c347c08cd77d5e2c32536b467b389fd33d631fpquerna allow-v6-synthesis has been obsoleted.
b6e2b36d6972a0e243368eb567e91d511fb40b1bbnicholes * Zones containing MD and MF will now be rejected.
b6e2b36d6972a0e243368eb567e91d511fb40b1bbnicholes * dig, nslookup name. now report "Not Implemented" as
b6e2b36d6972a0e243368eb567e91d511fb40b1bbnicholes NOTIMP rather than NOTIMPL. This will have impact on scripts
b6e2b36d6972a0e243368eb567e91d511fb40b1bbnicholes that are looking for NOTIMPL.
e5882a36d7756850cc829f5f2286120b877458b1pquerna libbind: corresponds to that from BIND 8.4.5.
8b7594c66e764f5cd3506b6f2459497ab65a8b03pquerna BIND 9.2.0 has a number of new features over 9.1,
8c46f9f81ae6357dc97560d6d85154f19cf251aejim including:
20f1b1a67eef5ab0f3295608c89964a7dca4fdd1pquerna - The size of the cache can now be limited using the
20f1b1a67eef5ab0f3295608c89964a7dca4fdd1pquerna "max-cache-size" option.
20f1b1a67eef5ab0f3295608c89964a7dca4fdd1pquerna - The server can now automatically convert RFC1886-style
599c5abcc7fec60611956f56b732eca033c287d2pquerna recursive lookup requests into RFC2874-style lookups,
599c5abcc7fec60611956f56b732eca033c287d2pquerna when enabled using the new option "allow-v6-synthesis".
599c5abcc7fec60611956f56b732eca033c287d2pquerna This allows stub resolvers that support AAAA records
e76fdcdfb8994ad70776526f50fa013b3e9a6033bnicholes but not A6 record chains or binary labels to perform
e76fdcdfb8994ad70776526f50fa013b3e9a6033bnicholes lookups in domains that make use of these IPv6 DNS
eb9b491d7b262dad572ec2f1f75eea592283f81apquerna - Performance has been improved.
c5cb4c9e7c8696907ddebab2a0037717c710b0f6jorton - The man pages now use the more portable "man" macros
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive rather than the "mandoc" macros, and are installed
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive by "make install".
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive - The named.conf parser has been completely rewritten.
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive It now supports "include" directives in more
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive places such as inside "view" statements, and it no
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive longer has any reserved words.
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive - The "rndc status" command is now implemented.
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive - rndc can now be configured automatically.
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive - A BIND 8 compatible stub resolver library is now
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive included in lib/bind.
6d00a5e2c08ddbff9614ecc17a1c085462811f89slive - OpenSSL has been removed from the distribution. This
4f6e78091b3f45a5782389ae25b62516a7a0c842bnicholes means that to use DNSSEC, OpenSSL must be installed and
4f6e78091b3f45a5782389ae25b62516a7a0c842bnicholes the --with-openssl option must be supplied to configure.
4f6e78091b3f45a5782389ae25b62516a7a0c842bnicholes This does not apply to the use of TSIG, which does not
4f6e78091b3f45a5782389ae25b62516a7a0c842bnicholes require OpenSSL.
7d15331eeb5429d7148d13d6fd914a641bf1c000pquerna - The source distribution now builds on Windows NT/2000.
7d15331eeb5429d7148d13d6fd914a641bf1c000pquerna See win32utils/readme1.txt and win32utils/win32-build.txt
7d15331eeb5429d7148d13d6fd914a641bf1c000pquerna for details.
e9be3aacfd6c0a1208e6c91a133be92ed0f94fe1bnicholes This distribution also includes a new lightweight stub
e9be3aacfd6c0a1208e6c91a133be92ed0f94fe1bnicholes resolver library and associated resolver daemon that fully
e9be3aacfd6c0a1208e6c91a133be92ed0f94fe1bnicholes support forward and reverse lookups of both IPv4 and IPv6
1d14622beee568462689b2bbc6a9e0e9b6a40583striker addresses. This library is considered experimental and
1d14622beee568462689b2bbc6a9e0e9b6a40583striker is not a complete replacement for the BIND 8 resolver library.
6e5f5644328bf50c3aa295d0ab20903369010829gregames Applications that use the BIND 8 res_* functions to perform
6e5f5644328bf50c3aa295d0ab20903369010829gregames DNS lookups or dynamic updates still need to be linked against
6e5f5644328bf50c3aa295d0ab20903369010829gregames the BIND 8 libraries. For DNS lookups, they can also use the
e978097e0bf2ae161b6f9dde40eaf089bf046c89ake new "getrrsetbyname()" API.
e978097e0bf2ae161b6f9dde40eaf089bf046c89ake BIND 9.2 is capable of acting as an authoritative server
275419d6395e6f072962fb701b89accaff1f3690jerenkrantz for DNSSEC secured zones. This functionality is believed to
275419d6395e6f072962fb701b89accaff1f3690jerenkrantz be stable and complete except for lacking support for
275419d6395e6f072962fb701b89accaff1f3690jerenkrantz verifications involving wildcard records in secure zones.
e777da9fa7ff3138fead7860b53ef00e67a40e26jerenkrantz When acting as a caching server, BIND 9.2 can be configured
e777da9fa7ff3138fead7860b53ef00e67a40e26jerenkrantz to perform DNSSEC secure resolution on behalf of its clients.
e777da9fa7ff3138fead7860b53ef00e67a40e26jerenkrantz This part of the DNSSEC implementation is still considered
8bdea88407c848c1c2693655e2f8b23abde12307bnicholes experimental. For detailed information about the state of the
8bdea88407c848c1c2693655e2f8b23abde12307bnicholes DNSSEC implementation, see the file doc/misc/dnssec.
275419d6395e6f072962fb701b89accaff1f3690jerenkrantz There are a few known bugs:
8e7fb6968047a527d1ccde25ad2aed20da5150ddjerenkrantz On some systems, IPv6 and IPv4 sockets interact in
8e7fb6968047a527d1ccde25ad2aed20da5150ddjerenkrantz unexpected ways. For details, see doc/misc/ipv6.
5a9fa4d75086e942f6e850e1a2e96c4c27a845d0jerenkrantz To reduce the impact of these problems, the server
5a9fa4d75086e942f6e850e1a2e96c4c27a845d0jerenkrantz no longer listens for requests on IPv6 addresses
5a9fa4d75086e942f6e850e1a2e96c4c27a845d0jerenkrantz by default. If you need to accept DNS queries over
5a9fa4d75086e942f6e850e1a2e96c4c27a845d0jerenkrantz IPv6, you must specify "listen-on-v6 { any; };"
5a9fa4d75086e942f6e850e1a2e96c4c27a845d0jerenkrantz in the named.conf options statement.
36c8049de63c446926139936c3d195330a0539cetrawick FreeBSD prior to 4.2 (and 4.2 if running as non-root)
36c8049de63c446926139936c3d195330a0539cetrawick and OpenBSD prior to 2.8 log messages like
36c8049de63c446926139936c3d195330a0539cetrawick "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
36c8049de63c446926139936c3d195330a0539cetrawick This is due to a bug in "/dev/random" and impacts the
36c8049de63c446926139936c3d195330a0539cetrawick server's DNSSEC support.
0206c121a68a63559b2e843288e81bcf16093e46jerenkrantz OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
9174efb969475801d0dc88eee35aae40c748d450nd OS X 10.2 (Darwin 6.0) reports errors like
0206c121a68a63559b2e843288e81bcf16093e46jerenkrantz "fcntl(3, F_SETFL, 4): Operation not supported by device".
8ff094bdec6a2e1c355c1e6e95e9952d4fae7766jerenkrantz This is due to a bug in "/dev/random" and impacts the
8ff094bdec6a2e1c355c1e6e95e9952d4fae7766jerenkrantz server's DNSSEC support.
628cf3411e8a6d09e27b3666312e43832dda93f3jorton --with-libtool does not work on AIX.
f0d89a5a23222e031db8113478645f28688fa748jorton --with-libtool does not work on SunOS 4. configure
f0d89a5a23222e031db8113478645f28688fa748jorton requires "printf" which is not available.
f0d89a5a23222e031db8113478645f28688fa748jorton A bug in the Windows 2000 DNS server can cause zone transfers
f0d89a5a23222e031db8113478645f28688fa748jorton from a BIND 9 server to a W2K server to fail. For details,
f0d89a5a23222e031db8113478645f28688fa748jorton see the "Zone Transfers" section in doc/misc/migration.
f0d89a5a23222e031db8113478645f28688fa748jorton For a detailed list of user-visible changes from
f0d89a5a23222e031db8113478645f28688fa748jorton previous releases, see the CHANGES file.
afc08f35f5f387896bc625cdee21b88c7fe7699djerenkrantz BIND 9 currently requires a UNIX system with an ANSI C compiler,
a0fd132e01ab69f1c48e3d6a6791447cb6d65e51jerenkrantz basic POSIX support, and a 64 bit integer type.
a6bb6f2fb734e488a9b6335fabea3431f9dcf253jerenkrantz We've had successful builds and tests on the following systems:
a6bb6f2fb734e488a9b6335fabea3431f9dcf253jerenkrantz COMPAQ Tru64 UNIX 5.1B
3ca80e703a960eca0760c23636b7fe502a8f0342bnicholes Fedora Core 6
3ca80e703a960eca0760c23636b7fe502a8f0342bnicholes FreeBSD 4.10, 5.2.1, 6.2
3ca80e703a960eca0760c23636b7fe502a8f0342bnicholes Mac OS X 10.5
3ca80e703a960eca0760c23636b7fe502a8f0342bnicholes NetBSD 3.x and 4.0-beta
5300d4a4fabe3b594da950e4b9ab0f90e076546ejerenkrantz OpenBSD 3.3 and up
5300d4a4fabe3b594da950e4b9ab0f90e076546ejerenkrantz Solaris 8, 9, 9 (x86), 10
5300d4a4fabe3b594da950e4b9ab0f90e076546ejerenkrantz Ubuntu 7.04, 7.10
b1306729566b49fb30aed5c46adaf07a637115afjerenkrantz Windows NT/2000/XP/2003
b1306729566b49fb30aed5c46adaf07a637115afjerenkrantz We have recent reports from the user community that a supported
aa50e6503e0c7fbdc7d9bfab7d3a5fa640c2c8c1wrowe version of BIND will build and run on the following systems:
418ee053321d0ee451bb482a9becdfcd3344201fjim AIX 4.3, 5L
5c6cb72bfeee541644cea8177aefce1157571d3bjerenkrantz CentOS 4, 4.5, 5
5c6cb72bfeee541644cea8177aefce1157571d3bjerenkrantz Darwin 9.0.0d1/ARM
db8551deeb08fa799e7f27e8b748a9397f747bdcjorton Fedora Core 5, 7
db8551deeb08fa799e7f27e8b748a9397f747bdcjorton FreeBSD 6.1
db8551deeb08fa799e7f27e8b748a9397f747bdcjorton HP-UX 11.23 PA
db8551deeb08fa799e7f27e8b748a9397f747bdcjorton MacOS X 10.4, 10.5
9e3209bc06ddf32f23e4b254faa45914bc323cc9jim Red Hat Enterprise Linux 4, 5
9e3209bc06ddf32f23e4b254faa45914bc323cc9jim SCO OpenServer 5.0.6
9e3209bc06ddf32f23e4b254faa45914bc323cc9jim Slackware 9, 10
45ed846f4ed90f05c084f6a33d688e642be4e623jerenkrantz To build, just
54d22ed1c429b903b029bbd62621f11a9e286137minfrin ./configure
54d22ed1c429b903b029bbd62621f11a9e286137minfrin Do not use a parallel "make".
54d22ed1c429b903b029bbd62621f11a9e286137minfrin Several environment variables that can be set before running
54d22ed1c429b903b029bbd62621f11a9e286137minfrin configure will affect compilation:
92e8e44864d94866eefcbfde0a53fa3d12855149jerenkrantz The C compiler to use. configure tries to figure
06106b6b63b112a09de1b66fa29596035c0176ffthommay out the right one for supported systems.
e335319a08e12eb7daff9afa80e985dc53f652b8jorton C compiler flags. Defaults to include -g and/or -O2
e335319a08e12eb7daff9afa80e985dc53f652b8jorton as supported by the compiler.
e335319a08e12eb7daff9afa80e985dc53f652b8jorton STD_CINCLUDES
e335319a08e12eb7daff9afa80e985dc53f652b8jorton System header file directories. Can be used to specify
c8794ec1e4c474ae101ce3835080f638136e7860erikabele where add-on thread or IPv6 support is, for example.
c8794ec1e4c474ae101ce3835080f638136e7860erikabele Defaults to empty string.
c8794ec1e4c474ae101ce3835080f638136e7860erikabele STD_CDEFINES
c8794ec1e4c474ae101ce3835080f638136e7860erikabele Any additional preprocessor symbols you want defined.
bb07ee33bce1a448bcc60ca43720b1ab1c413f87minfrin Defaults to empty string.
22dda44322067379eeba28d7ec7fc833cb04c0dfminfrin Possible settings:
22dda44322067379eeba28d7ec7fc833cb04c0dfminfrin Change the default syslog facility of named/lwresd.
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowe -DISC_FACILITY=LOG_LOCAL0
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowe Enable DNSSEC signature chasing support in dig.
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowe -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowe -DDIG_SIGCHASE_BU=1)
77edcaaccc089335938f3844b752e1044f7eb278trawick Disable dropping queries from particular well known ports.
77edcaaccc089335938f3844b752e1044f7eb278trawick -DNS_CLIENT_DROPPORT=0
59b1b6c3fd51c83c3bb9f02a8f08751335f9fb1dminfrin Linker flags. Defaults to empty string.
59b1b6c3fd51c83c3bb9f02a8f08751335f9fb1dminfrin The following need to be set when cross compiling.
9f1a88897168c3f1e5009acb585daf01e38a0299jim The native C compiler.
9f1a88897168c3f1e5009acb585daf01e38a0299jim BUILD_CFLAGS (optional)
9f1a88897168c3f1e5009acb585daf01e38a0299jim BUILD_CPPFLAGS (optional)
616a448c1fca1648622707df5a1aae7316bb3d5djim Possible Settings:
616a448c1fca1648622707df5a1aae7316bb3d5djim -DNEED_OPTARG=1 (optarg is not declared in <unistd.h>)
616a448c1fca1648622707df5a1aae7316bb3d5djim BUILD_LDFLAGS (optional)
616a448c1fca1648622707df5a1aae7316bb3d5djim BUILD_LIBS (optional)
5a8bb5948d2a258145174320587706de3219d8a3pquerna To build shared libraries, specify "--with-libtool" on the
5a8bb5948d2a258145174320587706de3219d8a3pquerna configure command line.
5a8bb5948d2a258145174320587706de3219d8a3pquerna For the server to support DNSSEC, you need to build it
0cba3a63e59bfa77f67955cb4e034264ed6c5523jerenkrantz with crypto support. You must have OpenSSL 0.9.5a
0cba3a63e59bfa77f67955cb4e034264ed6c5523jerenkrantz or newer installed and specify "--with-openssl" on the
e5abee85fe751fc27c5d4fc9a8ebe3b80f3d6603trawick configure command line. If OpenSSL is installed under
e5abee85fe751fc27c5d4fc9a8ebe3b80f3d6603trawick a nonstandard prefix, you can tell configure where to
e5abee85fe751fc27c5d4fc9a8ebe3b80f3d6603trawick look for it using "--with-openssl=/prefix".
ca3a25d12c5fe0926aa97550be39f0d88d0decb1pquerna To build libbind (the BIND 8 resolver library), specify
ca3a25d12c5fe0926aa97550be39f0d88d0decb1pquerna "--enable-libbind" on the configure command line.
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz On some platforms, BIND 9 can be built with multithreading
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz support, allowing it to take advantage of multiple CPUs.
4d553781254e46f1dfc8d86b79667a74fb8a3eb5brianp You can specify whether to build a multithreaded BIND 9
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz by specifying "--enable-threads" or "--disable-threads"
8f868f15482c7406db01216b6e4778ddabb26898trawick on the configure command line. The default is operating
8f868f15482c7406db01216b6e4778ddabb26898trawick system dependent.
8f868f15482c7406db01216b6e4778ddabb26898trawick Support for the "fixed" rrset-order option can be enabled
f902601ea431a9b56106e0f5f641dd5fd7efbc30jorton or disabled by specifying "--enable-fixed-rrset" or
f902601ea431a9b56106e0f5f641dd5fd7efbc30jorton "--disable-fixed-rrset" on the configure command line.
f902601ea431a9b56106e0f5f641dd5fd7efbc30jorton The default is "disabled", to reduce memory footprint.
1e1e4f4f810b99732f06fc05141f42ca1965a9edpquerna If your operating system has integrated support for IPv6, it
1e1e4f4f810b99732f06fc05141f42ca1965a9edpquerna will be used automatically. If you have installed KAME IPv6
1e1e4f4f810b99732f06fc05141f42ca1965a9edpquerna separately, use "--with-kame[=PATH]" to specify its location.
5f80956ca9d98d5482f38eef0c465df0923d7781jerenkrantz "make install" will install "named" and the various BIND 9 libraries.
5f80956ca9d98d5482f38eef0c465df0923d7781jerenkrantz By default, installation is into /usr/local, but this can be changed
78fcc425fc9fc58202a1693fe40dd0ce75c031ffjorton with the "--prefix" option when running "configure".
78fcc425fc9fc58202a1693fe40dd0ce75c031ffjorton You may specify the option "--sysconfdir" to set the directory
78fcc425fc9fc58202a1693fe40dd0ce75c031ffjorton where configuration files like "named.conf" go by default,
d2ffb32434f79782ff7a364ffa31064698c5c645jorton and "--localstatedir" to set the default parent directory
d2ffb32434f79782ff7a364ffa31064698c5c645jorton of "run/named.pid". For backwards compatibility with BIND 8,
d2ffb32434f79782ff7a364ffa31064698c5c645jorton --sysconfdir defaults to "/etc" and --localstatedir defaults to
d2ffb32434f79782ff7a364ffa31064698c5c645jorton "/var" if no --prefix option is given. If there is a --prefix
01847067cfc639c14e1aa77d3b3e98f239447a12jerenkrantz option, sysconfdir defaults to "$prefix/etc" and localstatedir
01847067cfc639c14e1aa77d3b3e98f239447a12jerenkrantz defaults to "$prefix/var".
01847067cfc639c14e1aa77d3b3e98f239447a12jerenkrantz To see additional configure options, run "configure --help".
9fe74ffcdea85800f04a7222f716f78ae60cce51jerenkrantz Note that the help message does not reflect the BIND 8
9fe74ffcdea85800f04a7222f716f78ae60cce51jerenkrantz compatibility defaults for sysconfdir and localstatedir.
dae3cb64cc6681b5f6b0fd12e7f8f6296ffaa19abnicholes If you're planning on making changes to the BIND 9 source, you
dae3cb64cc6681b5f6b0fd12e7f8f6296ffaa19abnicholes should also "make depend". If you're using Emacs, you might find
d2ffb32434f79782ff7a364ffa31064698c5c645jorton "make tags" helpful.
81540a0eb1da2c687e22de3367d8ded55e17e330pquerna If you need to re-run configure please run "make distclean" first.
d2ffb32434f79782ff7a364ffa31064698c5c645jorton This will ensure that all the option changes take.
ce66c67eba79a20118d8664b65b0c9eeec1bebdabnicholes Building with gcc is not supported, unless gcc is the vendor's usual
ce66c67eba79a20118d8664b65b0c9eeec1bebdabnicholes compiler (e.g. the various BSD systems, Linux).
ce66c67eba79a20118d8664b65b0c9eeec1bebdabnicholes Known compiler issues:
ce66c67eba79a20118d8664b65b0c9eeec1bebdabnicholes * gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
ce66c67eba79a20118d8664b65b0c9eeec1bebdabnicholes * gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
6cfc2ed5a8e633c5a40fec65775868d53952d992trawick * gcc-3.3.5 powerpc generates incorrect code at -02.
6cfc2ed5a8e633c5a40fec65775868d53952d992trawick * Irix, MipsPRO 7.4.1m is known to cause problems.
6cfc2ed5a8e633c5a40fec65775868d53952d992trawick A limited test suite can be run with "make test". Many of
6cfc2ed5a8e633c5a40fec65775868d53952d992trawick the tests require you to configure a set of virtual IP addresses
6cfc2ed5a8e633c5a40fec65775868d53952d992trawick on your system, and some require Perl; see bin/tests/system/README
5159c40648868a58745aa11981f706948ff0f0d1pquerna for details.
5159c40648868a58745aa11981f706948ff0f0d1pquerna SunOS 4 requires "printf" to be installed to make the shared
c178b761acd6bffa199c2fd28c4469492b989699nd libraries. sh-utils-1.16 provides a "printf" which compiles
9174efb969475801d0dc88eee35aae40c748d450nd on SunOS 4.
9c6bbd67082b5a47fb17cfa5b61b8a7e1fb01875pquernaDocumentation
9c6bbd67082b5a47fb17cfa5b61b8a7e1fb01875pquerna The BIND 9 Administrator Reference Manual is included with the
9c6bbd67082b5a47fb17cfa5b61b8a7e1fb01875pquerna source distribution in DocBook XML and HTML format, in the
572f5b8a84bb399e51b02a562776f4aec119aa95pquerna Some of the programs in the BIND 9 distribution have man pages
572f5b8a84bb399e51b02a562776f4aec119aa95pquerna in their directories. In particular, the command line
1b03ca18c41f51a25dcf1a623a8f558bd779e0a4jerenkrantz options of "named" are documented in /bin/named/named.8.
1b03ca18c41f51a25dcf1a623a8f558bd779e0a4jerenkrantz There is now also a set of man pages for the lwres library.
1b03ca18c41f51a25dcf1a623a8f558bd779e0a4jerenkrantz If you are upgrading from BIND 8, please read the migration
1b03ca18c41f51a25dcf1a623a8f558bd779e0a4jerenkrantz notes in doc/misc/migration. If you are upgrading from
1b03ca18c41f51a25dcf1a623a8f558bd779e0a4jerenkrantz Frequently asked questions and their answers can be found in
db443e0132f14dac789ab97ec23ce124360d74c2ndBug Reports and Mailing Lists
4ac7a7c09ac5732b09f8bf28873f7e9efcab34d5bnicholes Bugs reports should be sent to
4ac7a7c09ac5732b09f8bf28873f7e9efcab34d5bnicholes bind9-bugs@isc.org
4ac7a7c09ac5732b09f8bf28873f7e9efcab34d5bnicholes To join the BIND Users mailing list, send mail to
4ac7a7c09ac5732b09f8bf28873f7e9efcab34d5bnicholes bind-users-request@isc.org
ce8490f3812311582d1deee96b012c377311b317minfrin archives of which can be found via
38f6ebaca968b7b23c25c0b30d0be1c7aad7412bjorton If you're planning on making changes to the BIND 9 source
38f6ebaca968b7b23c25c0b30d0be1c7aad7412bjorton code, you might want to join the BIND Workers mailing list.
cc7d8b55b16eee88be925a090473ca94b0a6e770jorton Send mail to
cc7d8b55b16eee88be925a090473ca94b0a6e770jorton bind-workers-request@isc.org